Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0.

INFO

Published Date :

2026-02-20T02:26:32.702Z

Last Modified :

2026-02-20T15:53:20.444Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-26992 vulnerability.

Vendors Products
Librenms
  • Librenms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26992.

URL Resource
https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f cve-icon cve-icon
https://github.com/librenms/librenms/pull/19042 cve-icon cve-icon
https://github.com/librenms/librenms/releases/tag/26.2.0 cve-icon cve-icon
https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact